redline | deceeec4d99e6b4b70de57d6ee732b1f70e6cbb9ea27d0bb7304fd51b1ca0b2d | Triage

Submit
Reports

Overview

overview

Static

static

bc9964b04c...1e.exe

windows7_x64

bc9964b04c...1e.exe

windows10-2004_x64

Sharing

General

Target

bc9964b04c2c38eb8fab28aae525071e.exe
Size

106KB
Sample

220421-ahn4eachb7
MD5

bc9964b04c2c38eb8fab28aae525071e
SHA1

62599cf43426898880b02997370780db75a157bf
SHA256

deceeec4d99e6b4b70de57d6ee732b1f70e6cbb9ea27d0bb7304fd51b1ca0b2d
SHA512

388c8136ee8e78c31266ac7b56ea177573fae7f6935fc6fce399fa724b68b57fb094fc6f0ef6d84e1b92566b48693108cfb7c18b4917c63f1086c5441c19a46f

Score

10^/10

redline 7 discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bc9964b04c2c38eb8fab28aae525071e.exe

Resource

win7-20220414-en

redline 7 discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bc9964b04c2c38eb8fab28aae525071e.exe

Resource

win10v2004-20220414-en

redline 7 discovery infostealer spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

Botnet

7

C2

49.12.222.31:8854

Attributes

auth_value
811329e6a45eab1a6b331f7b5c15ef6d

Targets

- Target
  
  bc9964b04c2c38eb8fab28aae525071e.exe
- Size
  
  106KB
- MD5
  
  bc9964b04c2c38eb8fab28aae525071e
- SHA1
  
  62599cf43426898880b02997370780db75a157bf
- SHA256
  
  deceeec4d99e6b4b70de57d6ee732b1f70e6cbb9ea27d0bb7304fd51b1ca0b2d
- SHA512
  
  388c8136ee8e78c31266ac7b56ea177573fae7f6935fc6fce399fa724b68b57fb094fc6f0ef6d84e1b92566b48693108cfb7c18b4917c63f1086c5441c19a46f
Score

10^/10

redline 7 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redline7discoveryinfostealerspywarestealer

behavioral2

redline7discoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy